You are the Information Systems Security Officer (ISSO) for your organization an

Question

You are the Information Systems Security Officer (ISSO) for your organization and you see the following job posting on your company's website wwwwWRWNWWN Web Application Developer ISEC615 Inc. is a progressive software development company specializing in tracking solutions with a strong commitment to our customers. We are growing and adding new Developers to our Engineering Department. We are looking for dynamic, results oriented, enthusiastic individuals at all experience levels who thrive in a fast paced environment and enjoy staying up to date on technologies. Application Stack: Apache 2.2 Tomcat 6.x, 6.0.35, 6.0.36 HTML .CSS Javascript 1+ year RDMS/SQL experience 1+ year Unix/Linux environment experience ·2+ years web application development experience with any of the following languages: JavaScript, Perl, PHP, Python, Ruby Your qualifications will stand out if you have: A strong knowledge of information security principles

Explanation / Answer

The problem is with the mentioning of the version numbers of the apache and tomcat in the application.

This is not required and apache 2.2 and tomcat 6.0.35 and 6.0.36 should not be mentioned in the application as the attacker can exploit and can try to crack these version of the software.

Apache version number must not be disclosed to anyone as attacker can easily attack the server based on this information. There are specific techniques to hide this information and most of the companies used that in their development.

Related Questions

Navigate

• Browse (All)
• Browse Y
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.